From 288389c93eb81bcfee7972b45237f98e9ceaabaa Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 4 Jan 2022 08:38:14 -0500 Subject: [PATCH 1/6] Soup changes for 2.3.100 --- salt/common/tools/sbin/soup | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 50c925d22..9d523715a 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -399,6 +399,7 @@ preupgrade_changes() { [[ "$INSTALLEDVERSION" == 2.3.30 || "$INSTALLEDVERSION" == 2.3.40 ]] && up_to_2.3.50 [[ "$INSTALLEDVERSION" == 2.3.50 || "$INSTALLEDVERSION" == 2.3.51 || "$INSTALLEDVERSION" == 2.3.52 || "$INSTALLEDVERSION" == 2.3.60 || "$INSTALLEDVERSION" == 2.3.61 || "$INSTALLEDVERSION" == 2.3.70 ]] && up_to_2.3.80 [[ "$INSTALLEDVERSION" == 2.3.80 ]] && up_to_2.3.90 + [[ "$INSTALLEDVERSION" == 2.3.90 || "$INSTALLEDVERSION" == 2.3.91 ]] && up_to_2.3.100 true } @@ -410,6 +411,7 @@ postupgrade_changes() { [[ "$POSTVERSION" == 2.3.21 || "$POSTVERSION" == 2.3.30 ]] && post_to_2.3.40 [[ "$POSTVERSION" == 2.3.40 || "$POSTVERSION" == 2.3.50 || "$POSTVERSION" == 2.3.51 || "$POSTVERSION" == 2.3.52 ]] && post_to_2.3.60 [[ "$POSTVERSION" == 2.3.60 || "$POSTVERSION" == 2.3.61 || "$POSTVERSION" == 2.3.70 || "$POSTVERSION" == 2.3.80 ]] && post_to_2.3.90 + [[ "$POSTVERSION" == 2.3.90 || "$POSTVERSION" == 2.3.91 ]] && post_to_2.3.100 true } @@ -459,11 +461,12 @@ post_to_2.3.90() { fi fi - - POSTVERSION=2.3.90 } +post_to_2.3.100() { + echo "Post Processing for .100" +} up_to_2.3.20(){ DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 @@ -657,6 +660,10 @@ up_to_2.3.90() { INSTALLEDVERSION=2.3.90 } +up_to_2.3.100() { + echo "Updating to Security Onion to 2.3.100" + fix_wazuh +} verify_upgradespace() { CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') 
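Review bot: `up_to_2.3.100` in the `@@ -657` hunk never records the version it upgraded to, while the context shown for `up_to_2.3.90` ends with `INSTALLEDVERSION=2.3.90`; after the new function runs `INSTALLEDVERSION` is still 2.3.90 or 2.3.91, so any later check keyed on it cannot tell that this step has already been applied. Add `INSTALLEDVERSION=2.3.100` as the function's last line, and likewise end the new `post_to_2.3.100` in the `@@ -459` hunk with `POSTVERSION=2.3.100` if the other `post_to_*` functions maintain `POSTVERSION` the same way (the removed lines there look like a `POSTVERSION=2.3.90` assignment, which is hard to read from the collapsed diff — worth confirming). The message `"Updating to Security Onion to 2.3.100"` reads as a slip for `"Updating Security Onion to 2.3.100"`.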
@@ -855,20 +862,23 @@ verify_latest_update_script() { apply_hotfix() { if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then - FILE="/nsm/wazuh/etc/ossec.conf" - echo "Detecting if ossec.conf needs corrected..." - if head -1 $FILE | grep -q "xml version"; then - echo "$FILE has an XML header; removing" - sed -i 1d $FILE - so-wazuh-restart - else - echo "$FILE does not have an XML header, so no changes are necessary." - fi + fix_wazuh else echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)" fi } +fix_wazuh() { + FILE="/nsm/wazuh/etc/ossec.conf" + echo "Detecting if ossec.conf needs corrected..." + if head -1 $FILE | grep -q "xml version"; then + echo "$FILE has an XML header; removing" + sed -i 1d $FILE + so-wazuh-restart + else + echo "$FILE does not have an XML header, so no changes are necessary." + fi +} main() { trap 'check_err $?' EXIT From 7bb9b6efa9bb56f60736f8c9cca0fc3cf8d3af86 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 4 Jan 2022 10:27:45 -0500 Subject: [PATCH 2/6] populate mine with network.ip_addrs pillar.host.mainint for each host prior to highstate --- salt/common/tools/sbin/soup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 9d523715a..de7614561 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -662,6 +662,8 @@ up_to_2.3.90() { up_to_2.3.100() { echo "Updating to Security Onion to 2.3.100" + echo "Populating the mine with network.ip_addrs pillar.host.mainint for each host." + salt \* cmd.run cmd='MAININT=$(salt-call pillar.get host:mainint --out=newline_values_only) && salt-call mine.send name=network.ip_addrs interface="$MAININT"' fix_wazuh } From cd590b894a4c633f04f2291c89eff8c4ba5ebb27 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 6 Jan 2022 12:39:48 -0500 Subject: [PATCH 3/6] check that ossec.conf exists --- salt/common/tools/sbin/soup | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) 
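Review bot: `fix_wazuh` was lifted out of `apply_hotfix` unchanged, so `FILE` is assigned as a global rather than `local`, and `$FILE` is expanded unquoted in both `head -1 $FILE` and `sed -i 1d $FILE`. Write `local FILE="/nsm/wazuh/etc/ossec.conf"` and quote `"$FILE"` in both commands. Since the function is now shared by two callers (`apply_hotfix` here and `up_to_2.3.100` in the earlier hunk), a one-line header such as `# Remove a leading XML declaration line from ossec.conf and restart Wazuh; shared by apply_hotfix (2.3.90 hotfix) and up_to_2.3.100.` would tell the next reader why it lives on its own.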
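Review bot: The added `salt \* cmd.run` line sends `interface="$MAININT"` even when `pillar.get host:mainint` returns nothing, so a minion without that pillar value calls `mine.send` with an empty interface instead of being reported; inside the quoted command use `if [ -n "$MAININT" ]; then salt-call mine.send name=network.ip_addrs interface="$MAININT"; else echo "host:mainint is not set" >&2; fi`. The call also targets every minion from `up_to_2.3.100`, which `preupgrade_changes` invokes, and the PATCH 6 message on this page says the salt-master is not running during these preupgrade steps; if that applies at this point too, a master-side `salt` command cannot reach the minions, so the ordering is worth confirming. `up_to_2.3.100` continues outside this hunk.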
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index de7614561..c9ba0fa1f 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -872,13 +872,17 @@ apply_hotfix() { fix_wazuh() { FILE="/nsm/wazuh/etc/ossec.conf" - echo "Detecting if ossec.conf needs corrected..." - if head -1 $FILE | grep -q "xml version"; then - echo "$FILE has an XML header; removing" - sed -i 1d $FILE - so-wazuh-restart - else - echo "$FILE does not have an XML header, so no changes are necessary." + echo "Detecting if $FILE needs corrected..." + if [ -f "$FILE" ]; then + if head -1 $FILE | grep -q "xml version"; then + echo "$FILE has an XML header; removing" + sed -i 1d $FILE + so-wazuh-restart + else + echo "$FILE does not have an XML header, so no changes are necessary." + fi + else + echo "$FILE does not exist, so no changes are necessary." fi } From 5ecb63f5cf8aabb6f8fed6e98cb0d820aaccf103 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 6 Jan 2022 16:17:51 -0500 Subject: [PATCH 4/6] prevent exit if minion doesnt respond --- salt/common/tools/sbin/soup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index c9ba0fa1f..843153c1d 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -663,7 +663,9 @@ up_to_2.3.90() { up_to_2.3.100() { echo "Updating to Security Onion to 2.3.100" echo "Populating the mine with network.ip_addrs pillar.host.mainint for each host." + set +e salt \* cmd.run cmd='MAININT=$(salt-call pillar.get host:mainint --out=newline_values_only) && salt-call mine.send name=network.ip_addrs interface="$MAININT"' + set -e fix_wazuh } From fd0e5d7d29ec0762a9ce5829d07d61dfe9caf6af Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 7 Jan 2022 11:10:48 -0500 Subject: [PATCH 5/6] make sure so-firewall is up to date --- salt/common/tools/sbin/soup | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) 
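Review bot: The new `[ -f "$FILE" ]` test quotes the path, but the two commands it guards, `head -1 $FILE` and `sed -i 1d $FILE`, still expand it unquoted; with a fixed path this is harmless, yet quoting all three consistently (`head -1 "$FILE"`, `sed -i 1d "$FILE"`) is what ShellCheck expects and removes the inconsistency. `-f` also succeeds for a symlink to a regular file, and GNU `sed -i` without `--follow-symlinks` then replaces the link itself with a regular file; whether `/nsm/wazuh/etc/ossec.conf` can be a symlink in this deployment is not visible here, so confirm before relying on it. A missing file is now reported rather than crashing `head`, which is the right call for a hotfix that must be safe to rerun.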
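Review bot: Wrapping the `salt \* cmd.run` line in `set +e` / `set -e` silences every failure of that command, not only an unresponsive minion, and leaves nothing in the output when something did go wrong. Keep error-exit enabled and report instead: `salt \* cmd.run cmd='…' || echo "Warning: mine population did not complete on every minion; continuing." >&2`, which neither trips `set -e` nor hides the failure. Passing an explicit `-t` timeout to `salt` would also bound how long a silent minion can hold up the upgrade. `up_to_2.3.100` continues outside this hunk.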
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 843153c1d..e4198b5c9 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -618,6 +618,9 @@ up_to_2.3.90() { fi done + # There was a bug in 2.3.0 so-firewall addhostgroup that was resolved in 2.3.1 - commit 32294eb2ed30ac74b15bb4bfab687084a928daf2 + echo "Verify so-firewall is up to date" + verify_latest_so-firewall_script # Create Endgame Hostgroup echo "Adding endgame hostgroup with so-firewall" if so-firewall addhostgroup endgame 2>&1 | grep -q 'Already exists'; then @@ -864,6 +867,22 @@ verify_latest_update_script() { fi } +verify_latest_so-firewall_script() { + # Check to see if the so-firewall script matches. If not run the new one. + CURRENTSOFIREWALL=$(md5sum /usr/sbin/so-firewall | awk '{print $1}') + GITSOFIREWALL=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-firewall | awk '{print $1}') + + if [[ "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then + echo "This version of the so-firewall script is up to date. Proceeding." + else + echo "You are not running the latest version of so-firewall. Updating so-firewall." + cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + salt-call state.apply -l info common queue=True + echo "" + echo "so-firewall has been updated." + fi +} + apply_hotfix() { if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then fix_wazuh From 871fd115aeca8d57e7258d5b4bc3f563c162ed1a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 7 Jan 2022 12:04:19 -0500 Subject: [PATCH 6/6] put so-firewalll in /usr/sbin since salt-master isnt running at this time --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index e4198b5c9..f5b012bb6 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
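Review bot: `verify_latest_so-firewall_script` in the `@@ -864` hunk computes two md5 digests only to decide whether two local files are identical, and expands `$UPDATE_DIR` and `$DEFAULT_SALT_DIR` unquoted in four places; a byte comparison is simpler and avoids both subshells: `if cmp -s -- "$UPDATE_DIR/salt/common/tools/sbin/so-firewall" /usr/sbin/so-firewall; then`. With `md5sum`, a missing `/usr/sbin/so-firewall` only prints an error and leaves `CURRENTSOFIREWALL` empty, which happens to fall into the update branch; `cmp -s` reaches the same branch explicitly. The `cp` into `$DEFAULT_SALT_DIR` should likewise quote its arguments and use `--` before the paths. The call added in the `@@ -618` hunk sits inside `up_to_2.3.90`, whose body starts outside that hunk, so the check runs only on upgrades that pass through 2.3.90 — presumably intended.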
@@ -877,7 +877,7 @@ verify_latest_so-firewall_script() { else echo "You are not running the latest version of so-firewall. Updating so-firewall." cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall $DEFAULT_SALT_DIR/salt/common/tools/sbin/ - salt-call state.apply -l info common queue=True + cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall /usr/sbin/ echo "" echo "so-firewall has been updated." fi
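Review bot: The replacement `cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall /usr/sbin/` installs an executable into `/usr/sbin` with whatever mode `cp` derives from the source and the umask when the destination does not yet exist, whereas the `salt-call state.apply` it replaces presumably managed mode and ownership explicitly. `install -m 0755 -- "$UPDATE_DIR/salt/common/tools/sbin/so-firewall" /usr/sbin/so-firewall` sets the mode deterministically and quotes the path. The copy into `$DEFAULT_SALT_DIR` on the line above still runs, so the next highstate can bring the file back under Salt's management, which is worth stating in a comment next to the new line, e.g. `# salt-master is not running yet; install directly, the highstate re-manages it later.` The enclosing `else` branch starts outside this hunk.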